The present invention relates generally to controlled information access, and more specifically to systems and methods for the authorization of access to information that may be correlated directly to a personal identifier that is created and assigned by a governmental organization or that may be correlated directly through one or more secondary personal or account identifiers to a personal identifier that is created and assigned by a governmental organization.
The use of computers, the Internet, and wireless technology has simplified the process of communicating and transacting in today's society. This technology enables and simplifies credit approvals, e-commerce, funds transfer to and from financial accounts, and access to information on specific topics or personal data such as credit card or bank account balances. Few would dispute the convenience that such technology has brought to the lives of those who use it. However, following close behind the horse of convenience is a chariot of vulnerability; specifically, a vulnerability to financial identity theft.
Identity theft and associated fraud has become a major concern for consumers. The United States Federal Trade Commission has reported that an estimated nine million Americans have their identity stolen every year. One survey has indicated that in 2006 alone, total fraud attributable to identity theft was 49.3 billion dollars. It has also been reported that a time in excess of forty man hours is expended on resolution of each instance of identity theft. Therefore, over one-hundred and fifty thousand man years are consumed in resolving such matters. Moreover, because stolen personal information may routinely be sold and traded among criminals, a data theft victim may have to resolve issues months and even years after the initial theft.
Perhaps the greatest keys that identity thieves possess are government issued identifiers and perhaps some associated or correlated information. Government issued identifiers, that is, identifiers created and assigned by a governmental body, such as social security numbers, for example, and information correlated to them are particularly vulnerable to theft and misuse because they may be easily accessed by a multitude of people other than the person to whom the number was issued. A social security number and information correlated to it are commonly used by colleges, banks, investment firms, hospitals, employers, insurance companies and many other organizations to manage and access an individual's personal records. More importantly, this information is the key required to open many financial doors such as securing credit or opening bank accounts. This makes this data exceptionally attractive to data thieves.
Because government issued identifiers and correlated data are typically electronically stored by organizations utilizing this information, the same is particularly susceptible to theft if not properly secured. It is common to read about the theft of laptops or hacking of computer files that contain names, addresses, birthdates, and social security numbers of individuals. In a period of less than three years, companies and government agencies reported security breaches of more than 200 million records containing the personal data of individuals. The theft of personal information has become such an issue that the majority of states have enacted legislation requiring that consumers affected by a data security breach be notified within a specified period of time. This notification must also include measures that the consumer may take to protect his financial identity. These measures may include activating a fraud alert which requires additional identification verification before the issuance of credit or a security freeze with the credit reporting agencies to restrict the release of credit data, and ongoing monitoring of credit bureau reports to detect fraudulent activity.
Prior information protection measures consisted primarily of reactive measures and rudimentary, often ineffective proactive measures. While consumers are fully aware of the value of their personal information and realize at least some vulnerability for information forgery or theft, consumers have had to rely upon security procedures and protocols of companies that hold or have general access to the consumers' personal information. Often times, once such protocols have been breached, the only recourse left to a victimized consumer is to completely shut down accounts or disassociate himself or herself from service providers. Upon such shut down or disassociation, transaction costs are further exacerbated by the fact that the consumer is then left to find other service providers, which may provide the exact same services as those he or she was previously associated.
Regarding prior rudimentary and generally ineffective proactive measures, examples include regular, or rather often irregular, manual password modifications for online account access and also certain “flag” settings on credit accounts. Other steps include shredding personal documents before discarding them, protecting one's government issued identifier or related information by not carrying them on one's person and by being mindful of giving personal information over the phone or online, and monitoring one's credit report. While these measures are valuable tips for deterring and/or detecting personal data theft, such measures do not protect personal data that may be stored at external organizations. Rather, consumers are completely dependent on these organizations to protect their personal information.
Another proactive measure utilized prior to the present invention was a security freeze placed on a consumer's credit information by various credit bureaus. This freeze is typically placed on the credit information of identity theft victims. Such freeze may delay, interfere with, or prevent the timely approval of any legitimate requests for new loans, consumer credit, mortgages, employment, housing or other services. Additionally, a typical fraud alert may be utilized, which often suspends pre-approved credit offers to a consumer for a specified period of time. However, a given consumer may wish to protect valuable financial information while still receiving such special offers.
Likewise, online banking, online bill pay, and online access of credit or financial portfolio statements each comes with its own set of security risks, particularly if a public computer, such as those found in hotels, is used to access personal financial information. Data thieves have been known to place data capture devices on these public computers to capture the user name and passwords of unsuspecting consumers. These user names and passwords are then used to conduct fraudulent financial activity.
Although state and federal laws generally limit victim responsibility for fraudulent purchases, such laws are inefficient because the overall impact of identity theft is much broader than financial liability. Restoring one's credit standing can be a long, arduous process. The art of information access control would benefit from systems and methods that allow greater proactive, or front-end, information access and/or liability control.